Automatic control of a security protection mode of an electronic device

ABSTRACT

An automated method and apparatus is provided for deterring unauthorized use or theft of electronic devices, or other sorts of items into which a tracking device has been installed, particularly those in a distribution channel. The automated method is performed by a computer system of a monitoring center, and comprises the steps of: receiving a call over a network from the electronic device, said call initiated by an agent installed on the electronic device, said agent including functionality for tracking usage of the electronic device and for reporting information regarding said usage to the monitoring center, the agent thereby facilitating recovery of the electronic device when stolen; in response to the call, determining, at least, whether a sale of the electronic device has been reported; and by communication with the agent, causing the electronic device to enter into a state that is dependent, at least, upon the determination of whether a sale of the electronic device has been reported, said state affecting whether the agent reports information to the monitoring center regarding usage of the electronic device.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. provisional patentapplication No. 61/158,114 filed Mar. 6, 2009, the disclosure of whichis hereby fully incorporated by reference.

BACKGROUND

1. Technical Field

This disclosure relates to methods and apparatus for deterring theunauthorized use and theft of electronic devices, particularly those ina distribution channel, and to the implementation of a tracking agentfor the recovery of stolen devices.

2. Description of the Related Art

Laptops and other electronic devices such as personal computers, gamingdevices, communications devices and audio devices, as well as systemssuch as photocopiers that include devices containing processors areoften stolen during transit from the manufacturer to the retailer, fromvarious warehouses or containers in the distribution channel, and fromretailers' stores. The opportunity for theft is further exacerbated incases where retailers of such devices implement an ‘open’ salesenvironment, allowing customers to feel, touch and handle products.

Manufacturers, distributors and retailers do not necessarily have theappropriate staff or the systems to properly track items of inventorythat are en route to retailers' stores, or that are in retailers'stores. Purchasers do not necessarily want to be inconvenienced byhaving to enter an authorization code in order to get their newlypurchased laptop or other electronic device to work properly. It wouldaccordingly be useful if there were an anti-theft protection solutionthat is more convenient for staff in the supply chain as well as for theend user.

U.S. patent application Ser. No. 12/129,568 to Stevens, et al.,published on 4 Dec. 2008 as publication no. US2008/0301820 relates to atheft protection system that allows limited use of an electronic deviceafter purchase, but ultimately requires the user to enter anauthorization code for normal, continuing operation.

U.S. Pat. No. 7,266,849 issued on Sep. 4, 2007 to Gregory, et al.describes a method for deterring unauthorized use of an electronicdevice. The method comprises prompting a user for identity informationbefore permitting use of the device. This system may be inconvenient toa genuine owner of a new electronic device. For example, on inputting awrong password or no password, a genuine owner will not be able tooperate the device, and it may not be possible at that instant to findthe correct password or contact the manufacturer or vendor forassistance.

U.S. Pat. No. 6,654,890 issued on Nov. 25, 2003 to Girard relates to thewireless locking of a computer platform to discourage theft as theplatform is transported in a distribution channel This system involvesan automated wireless transmission of an authentication key into acomputer at the factory. An authentication key is sent separately to theintended recipient who is required to enter it.

U.S. Pat. No. 7,567,795 issued on Jul. 28, 2009 to Champion et al.discloses a system for protecting mobile phones. If a phone is usedwithout having been recorded as sold, then calls are directed to a fraudcentre and the onus is put on the user to demonstrate that use of thephone is legitimate.

SUMMARY

This summary is not an extensive overview intended to delineate thescope of the subject matter that is described and claimed herein. Thesummary presents aspects of the subject matter in a simplified form toprovide a basic understanding thereof, as a prelude to the detaileddescription that is presented below. Neither this summary nor thefollowing detailed description purports to define or limit theinvention; the invention is defined only by the claims.

By way of a general overview, an automated method and apparatus isprovided for deterring unauthorized use or theft of electronic devices(or other sorts of items into which a tracking device has beeninstalled), particularly those in a distribution channel In certainembodiments, an agent is installed in an electronic device, such as alaptop, by or on behalf of a manufacturer when the electronic device ismade. Each agent and/or device is identifiable by a serial number. Themanufacturers, distributors and/or retailers provide, to a monitoringcentre, details of devices that leave the distribution channel by beingsold or stolen. At the monitoring centre, agents for devices that areknown to have been sold or stolen are flagged, such that when thoseagents automatically call in to the monitoring centre (such as throughan internet connection), they can be instructed to disable themselvesfor devices that are sold, or provide tracking information if thedevices are stolen.

Agents that are flagged to be disabled, or alternately, removed, allowlegitimate purchasers of the corresponding devices to use them withoutbeing tracked.

Agents that are flagged because devices have been reported stolen arenot removed or disabled, but are instructed or allowed to performtracking functions, such as providing GPS location information, IPaddresses, taking photos, providing screenshots, capturing keystrokes,etc. in order to facilitate the recovery of the stolen devices.

In cases where a device leaves the distribution channel and/orretailer's store without having been recorded as sold or stolen, itsagent will still call in to the monitoring centre when it is connectedto the internet. In these situations, the agent or device is flagged asa “rogue” agent or device, use of the device is permitted as it is notknown whether the user is legitimate or not, and the retailer ormanufacturer whose distribution channel the device was in isautomatically informed of the existence of the rogue device. The agentmay also be instructed to perform rogue device procedures which aredifferent from procedures for sold or stolen devices.

Rogue device procedures, such as providing an alert on the device, mayhelp to alleviate privacy issues in the case where a retailer sold atrackable device and forgot to inform the monitoring centre to stoptracking. Rogue device procedures may also aid in the discovery of atheft of which the retailer was previously unaware.

BRIEF DESCRIPTION OF THE DRAWINGS

For a fuller understanding of the nature and advantages of the disclosedsubject matter, as well as the preferred mode of use thereof, referenceshould be made to the following detailed description, read inconjunction with the accompanying drawings. In the drawings, likereference numerals designate like or similar steps or components.

FIG. 1 is a schematic functional block diagram of an apparatus inaccordance with an embodiment of the disclosed subject matter.

FIG. 2 is a functional flow diagram schematically representing the flowprocess performed by a monitoring centre in accordance with embodimentsof the disclosed subject matter.

FIG. 3 is a functional flow diagram schematically representing the flowprocess performed by a system when a device is legitimately sold, inaccordance with embodiments of the disclosed subject matter.

FIG. 4 is a functional flow diagram schematically representing the flowprocess performed by a system when a device is known to be stolen from adistribution channel, in accordance with embodiments of the disclosedsubject matter.

FIG. 5 is a functional flow diagram schematically representing the flowprocess performed by a system for a rogue device, in accordance withembodiments of the disclosed subject matter.

FIG. 6 is a functional flow diagram schematically representing the flowprocess performed by a system when a device is returned to a store, inaccordance with embodiments of the disclosed subject matter.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Specific embodiments of the disclosed systems and methods will now bedescribed with reference to the drawings. Nothing in this detaildescription is intended to imply that any particular component, feature,or step is essential to the invention.

Terminology

Retailer's agent, Computrace™ agent or CT agent: As used herein, each ofthese terms refers to an agent that is used to protect an electronicdevice while in the distribution channel. The agent may be a software,firmware or hardware agent, or a combination thereof. The agent isconfigured to disable itself after a first call to a monitoring centrewhen the device is in the hands of a legitimate purchaser, and suchdisabling is preferably permanent for the protection of privacy. Theagent may be an agent supplied by Absolute Software Corporation, and mayhave persistent qualities such as those disclosed in U.S. PublicationNos. 2005/0216757 and 2006/0272020, the disclosures of which are herebyfully incorporated by reference. By way of example, this agent may bepartly or fully located in the BIOS, or in a hidden location on a harddrive, such as in a partition gap. After a legitimate purchase, aretailer's agent may be replaced, upgraded or reinstalled by alegitimate purchaser in order to give continued protection under thepurchaser's account. Such an upgrade may be to L4L, LoJack™, or LoJackfor Laptops™, all of which refer to the usual tracking agent a consumermay purchase and install on a device such as a laptop that is to beprotected. In some embodiments, a single agent couple may be providedthat acts as both a retailer's agent and, following activation by alegitimate purchase, as a usual tracking agent.

L4L™, LoJack™, LoJack for Laptops™: All of these refer to the usualtracking agent a consumer may purchase and install on a device to beprotected. The agent may be a software, firmware or hardware agent, or acombination thereof. The agent may be an agent supplied by AbsoluteSoftware Corporation, and may have persistent qualities such as thosedisclosed in U.S. Publication Nos. 2005/0216757 and 2006/0272020, thedisclosures of which are hereby fully incorporated by reference. By wayof example, this agent may be partly or fully located in the BIOS, or ina hidden location on a hard drive, such as in a partition gap.

Agent: When unqualified, may refer to either or both of the above. Anagent may communicate with a monitoring centre over an internetconnection. Other communication links are possible, such as switchedcommunications networks, private and public intranet, radio networks,satellite networks, and cable networks. Also possible are, for example,WWAN, WAN, LAN, etc., value-added networks, broadcast networks, cellularnetworks, and a homogeneous or heterogeneous combination of suchnetworks. Communications may be initiated by either the agent or by themonitoring centre.

Monitoring Centre (MC): A typical monitoring centre may comprise callservers and software, web servers and web applications, database serversand databases, authentication systems, administrative systems and backend processing systems, and may or may not be staffed. A monitoringcentre can take calls from agents over various bearer services such asIP or PSTN, and can identify computers and other electronic devices,determine their licensing level and record their attributes andlocation, install and update software on monitored computers, and set updata-delete services and theft-recovery tools. A monitoring centre canprovide a web interface for users to generate reports of their monitoredassets and their locations. It may include interfaces with gateways forSMS and may potentially communicate with computers which are switchedoff but have separately powered security modules. In some cases, themonitoring centre may include computing devices (servers, etc.) that arelocated remotely from one another.

Serial Number (SN): Each agent and/or electronic device to be protectedmay have a serial number for its identification. The serial number maybe allocated at manufacture, or it may be an allocated, electronicserial number that is derived from the individual serial numbers of thecomponents within the device.

Serial Number Manager (SNM) system: This may be a third party systemand/or company that manages devices with serial numbers. It may also beintegral to a distribution company, a security company and/or aretailer. Typically, these serial number manager systems keep track ofthe various different statuses of the devices that they are managing,such as keeping track of whether they have been manufactured, shipped,sold, lost, stolen, returned to the store, been damaged, been repairedetc. Such companies have systems that facilitate tracking of productsbetween different outlets of the same retail chain. Stores using serialnumber managers can be physical or they can be online.

Call: The term “call” is used herein to refer to a communication thatoccurs between an electronic device and a monitoring centre. Thiscommunication may occur over any of a variety of types of communicationnetworks (e.g., the internet, a mobile phone network, a proprietarywireless data network, etc.), and according to any of a variety ofcommunication protocols. Typically, the call is initiated by an agentinstalled on the electronic device (e.g., by execution of agent code bydevice), in which case the call may be referred being made by the agentor by the device. The call is typically made invisibly to (without theknowledge of) the user of the device.

Exemplary Embodiment

The detailed descriptions that follow are presented partly in terms ofmethods or processes, symbolic representations of operations,functionalities and features of the subject matter disclosed and claimedherein. These method descriptions and representations are the means usedby those skilled in the art to most effectively convey the substance oftheir work to others skilled in the art. A software implemented methodor process is here, and generally, conceived to be a self-consistentsequence of steps leading to a desired result. These steps requirephysical manipulations of physical quantities. Often, but notnecessarily, these quantities take the form of electrical or magneticsignals capable of being stored, transferred, combined, compared, andotherwise manipulated. It will be further appreciated that the linebetween hardware and software is not always sharp, it being understoodby those skilled in the art that software implemented processes may beembodied in hardware, firmware, or software, in the form of codedinstructions such as in microcode and/or in stored programminginstructions.

All of the methods and tasks described herein, excluding thoseidentified as performed by a human, may be performed and fully automatedby a computer system, and may be embodied in software code modulesexecuted by one or more general purpose computers. The code modules maybe stored in any type of computer-readable medium or other computerstorage device. Some or all of the methods may alternatively be embodiedin specialized computer hardware. The computer system may, in somecases, include multiple distinct computers or computing devices (e.g.,mobile devices, physical servers, workstations, storage arrays, etc.)that communicate and interoperate over a network to perform thedescribed functions. Each such computing device typically includes aprocessor (or multiple processors) that executes program instructions ormodules stored in a memory or other non-transitory computer-readablestorage medium. Where the system includes multiple computing devices,these devices may, but need not, be co-located. The results of thedisclosed methods and tasks may be persistently stored by transformingphysical storage devices, such as solid state memory chips and/ormagnetic disks, into a different state.

By way of example and not limitation, the subject matter disclosed andclaimed herein is described in detail below in relation to laptopcomputer distribution at the retail level. The inventive concept is, ofcourse, applicable to loss prevention at all levels in a distributionchannel (eg: manufacturer, shipper, warehouse, customs, wholesalers,resellers, distributors, etc.) and in relation to other types ofelectronic devices such as iPads™, iPods™, Blackberrys™, smart phones orother mobile communication devices, gaming consoles, personal digitalassistants, office equipment such as fax machines, memory devices, etc,medical equipment, any device with a processor, or a tracking devicethat is designed to be incorporated in another item that passes througha distribution channel.

FIG. 1 is a schematic functional block diagram of a system in accordancewith an embodiment of the disclosed subject matter. A manufacturer,which could be an OEM (i.e. Original Equipment Manufacturer),manufactures an electronic device 20 such as a laptop computer. Thedevice comprises an electronic memory 22 that stores computer readableinstructions forming an agent 21. Also in the device is a processor 23operably connected to the memory 22 via a bus 24. Optionally included isa location determination device 26, such as a GPS device, a system ofaccelerometers, a compass, or combinations of these. Locationinformation may also be determined by the agent 21 if, for example, itis configured to determine IP addresses. The device 20 can be connectedto a network 45 via interface 25 and communication link 42. The network45 may be the internet or a telecommunications network or a combinationof these.

After the device 20 has been manufactured, the manufacturer can provide,using computer terminal 10, the serial number of the agent 21 and/or theidentification of the device 20 to the monitoring centre 30.Communication may be via communication link 40, internet 45 andcommunication link 43. The monitoring centre 30 stores, in database 34in memory 36, data that identifies the device 20 and links it to theagent 21, such that when the agent 21 communicates with the monitoringcentre 30, the monitoring centre 30 can determine the identification ofdevice 20 that contains the agent 21.

The monitoring centre 30 comprises an electronic memory 36 that storescomputer readable instructions 35 for controlling communications withterminal 10 and device 20, when processed by processor 31. The processor31 is operably connected to the memory 36 via bus 32. The memory 36 alsocontains a database 34 that has information relating to the variousserial numbers of the agents 21 and/or the identification numbers of thedevices 20 that they are installed in. Various device statuses and/orflags may be stored in memory 36. An interface 33 is also present in themonitoring centre 30 and connected to processor 31 via bus 32, thisinterface 33 allowing connection to the internet 45 or telecommunicationnetwork using communication link 43.

When a device 20 has been shipped to a store and subsequently sold, theretailer can enter details of the sale on computer terminal 11,connected to the monitoring centre 30 via communication link 41, network45 and communication link 43. Details may be entered automatically asthe sale is processed, or they may be entered in a separate step. Forexample, it may be possible to trigger the process by simply scanning abarcode on the device 20 or the packaging of the device 20. A thirdparty software system, provided by a serial number manager (“SNM”), maybe used to facilitate the process of recording that a sale of a device20 has taken place.

FIG. 2 is a functional flow diagram schematically representing the mainflow process performed by a monitoring centre in accordance withembodiments of the disclosed subject matter. In this example, themonitoring centre is set up to monitor devices that have not necessarilybeen protected in a distribution channel, as well as devices 20 thathave been protected in the distribution channel according to thedisclosed subject matter.

At step 50, a particular agent 21 calls the monitoring centre 30 for thefirst time, and the monitoring centre 30 determines 52 whether or notthe particular associated device 20 is part of a given retailer'sprotected inventory. This determination 52 may be made by accessing thedatabase 34 to determine whether the serial number associated with thecalling agent 21 is registered with a retailer. If it is not, thenstandard procedures are followed 54. If, however, the calling agent 21in device 20 is determined to be part of a given retailer's inventory,then further checks (discussed below) are made as to the status of thedevice 20.

The next determination is as to whether the device has been flagged as‘Returned to store’ 56. This determination 52, and the determinationrepresented by block 60 (discussed further below), may be made based oninformation previously reported to the monitoring centre 30 by theretailer's computer system, or by remotely querying the retailer'ssystem in response to the call. It could be that the device 20 was takenhome by a customer, opened, not connected to the internet and returnedto the store. If this is the case, some stores may not be interested inre-selling the device 20 to another customer, and may dispose of it viaother channels. In this case, the agent may be instructed to perform‘Return Procedures’ 58, described below.

If the device 20 has not been flagged as ‘Returned to store’ 56, thenthe monitoring centre 30 determines at step 60 whether the device hasbeen recorded as legitimately sold. If it has, then the agent 21 mayoptionally be instructed to perform ‘Upsell Procedures’ 62. This mayinvolve offering the customer an opportunity to purchase continuingprotection using the agent 21, another version of agent 21, or areplacement agent.

If the device 20 has not been legitimately sold 60, the monitoringcentre 30 determines whether a theft report exists 64 for the particulardevice 20. If the device has been stolen and there is a theft reportthat has been lodged with the monitoring centre 30, then the agent 21 isinstructed to undergo ‘Recovery Procedures’ 66 and provide trackinginformation.

If, however, there is no theft report 64, the device 21 is determined tobe a ‘Rogue Device’, because it is somehow outside of the distributionchannel without knowledge of the staff in the distribution channel orstaff in the store. The agent 21 in the device 20 is thereforeinstructed by the monitoring centre 30 to perform ‘Rogue DeviceProcedures’ 68. To add to the explanation in this figure, the “RogueComputer” procedures initiated may occur if, for example:

-   -   a) a computer is sold but has not yet been recorded as sold in        the SNM system;    -   b) a computer is connected to the internet from within a store        as a demonstration model or for the use of the staff; or    -   c) a computer is stolen from the store without the store        personnel realizing it.

TABLE 1 Flags Reported Sold Call Opened if stolen flag made returnedStatus Action 1 Yes No No Stolen from Track on channel connection 2 YesNo Yes Stolen from Track channel 3 No Yes No Sold Disable on connection4 No Yes Yes Sold Disable 5 No No No In channel None 6 No No Yes RogueAlert channel personnel 7 No Yes No Yes For Disable on disposalconnection 8 No Yes Yes Yes For Disable disposal 9 No Yes No No Re-stockSet ‘sold’ flag to ‘no’

Table 1 summarizes various statuses of the device, and actions to betaken by the retailer's agent. In the first two rows, the device isreported by the manufacturer, distributor or retailer as stolen from thedistribution channel without being sold. Before a call is made, theagent for the particular device is flagged at the monitoring centre tostart tracking functions when it connects to the internet or othernetwork. When a call is made, the agent is instructed to track. In rows3 and 4, the device is recorded as sold. Before a call is made, theagent for the particular device is flagged at the monitoring centre todisable itself when it connects to the internet or other network. When acall is made, the agent is instructed to disable itself. In rows 5 and6, the agent is neither reported as stolen nor sold. Without a callbeing made, the device is assumed to be in the distribution channelHowever, if a call is made (row 6), the device is deemed to be a roguedevice. In rows 7 and 8, the device is sold and opened but subsequentlyreturned to the store without having been connected to the internet. Acall has therefore not been made to the monitoring centre and so theagent in the device is flagged at the monitoring centre for disabling asand when it calls in. In row 9, the device has been sold, then returnedto the store without being opened, in which case it is restocked and the‘sold’ flag for the agent is reset at the monitoring centre.

FIG. 3 is a functional flow diagram schematically representing the flowprocess performed by a system when a device is legitimately sold, inaccordance with embodiments of the disclosed subject matter.

The agent 21 is pre-installed 70 on a device 20 in the factory, and thedevice 20 is then shipped 72 from the manufacturer to a retailer. Themanufacturer registers 74 the serial number (“SN”) of the device with aserial number manager (“SNM”), and the serial number manager sends 76 itto the monitoring centre (“MC”) 30 in a data feed. Steps 74 and 76 couldbe combined in step 77 with the elimination of the serial numbermanager, and the manufacturer providing the information directly to themonitoring centre 30. The monitoring centre 30 associates 78 thereceived serial number with the retailer to which the device 20 isdestined.

In step 80, the retailer sells the device 20. The retailer registers 82the sale of the device 20 with the serial number manager, which thensends 85 the detail of the sale to the monitoring centre 30. Steps 82and 85 may be combined in a single step 84 with the elimination of theserial number manager, and the registering of the sale at the monitoringcentre 30 directly by the retailer. The monitoring centre 30 thenrecords 86 the sale of the device 20.

The customer then connects 88 the device 20 to the internet, and theagent 21 in the device 20 places 90 a call to the monitoring centre 30,such as by instructing the device 20 to communicate with the monitoringcentre 30. This call may be placed as a background task, without theknowledge of the customer. The monitoring centre 30 receives the calland determines 92, from the agent providing the serial number of thedevice 20 and the association in step 78, that the device 20 is includedin the retailer's inventory. The monitoring centre 30 then checks 94existing records, made in step 86, and determines that the device 20 hasbeen legitimately sold.

Due to the device 20 being legitimately sold, the agent 21 is instructed96 to permanently disable itself (or delete itself or uninstall itself),or depending on the configuration chosen, to initiate upsell procedures.It may be configured to give the purchaser a choice 96. If the purchaserdecides to uninstall the agent, or even do nothing, the serial number ofthe device is removed 97 from the retailer's account, and the agent 21is uninstalled 98. If the purchaser selects the upgrade option, thepurchaser is taken 100 to an upgrade website where purchase of a furtheror continuing agent such as L4L™, LoJack™, LoJack for Laptops™ can betransacted. Once the transaction is complete, the agent is upgraded 102and details of the initial agent are removed 104 from the retailer'saccount.

If for any reason the upgrade transaction fails 99, it may be triedagain by returning to the prompt in step 96. If the transaction failstoo many times 99, it will in preferred embodiments be aborted, theserial number for the device will be removed 97 from the retailer'saccount, and the agent will be uninstalled 98.

For the process to be effective on the first agent call after the sale,the registering of the sale of a particular serial number by theretailer should be rapid compared to the typical time it takes for acustomer to take the device home, open up the box, set up the device andconnect to the internet.

FIG. 4 is a functional flow diagram schematically representing the flowprocess performed by a system when a device is stolen from adistribution channel, in accordance with embodiments of the disclosedsubject matter.

At step 110, the agent 21 is pre-installed on the device 20 in thefactory, and the device 20 is then shipped 112 from the manufacturer toa retailer. The manufacturer registers 114 the serial number of thedevice with the monitoring centre 30. The monitoring centre associates116 the received serial number with the retailer to which the device 20is destined.

The device is then stolen 118 from the retailer and the retailer informsthe police 120. The retailer also informs 122 the monitoring centre 30,where the device 20 is flagged as stolen 124.

The thief then connects 126 the device 20 to the internet and the agent21 in the device 20 then places 128 a call to the monitoring centre 30.The monitoring centre 30 receives the call and determines 130, from theagent 21 providing the serial number of the device 20 and theassociation in step 116, that the device 20 is included in theretailer's inventory. The monitoring centre 30 then checks 132 existingrecords, made in step 124, and determines that the device 20 has beenflagged as stolen. As a result, the agent 21 is instructed to perform134 tracking functions that would not otherwise be performed, such asregularly or irregularly providing IP addresses of the connections madeto the internet, recording and providing screenshots, taking photos,capturing keystrokes, providing alerts or instructions on how to returnthe device, or disabling in full or in part the operation of the device20. The tracking functions may preferably be performed invisibly to thethief.

FIG. 5 is a functional flow diagram schematically representing the flowprocess performed by a system for a rogue device, in accordance withembodiments of the disclosed subject matter.

At step 150, the agent 21 is pre-installed on the device 20 in thefactory, and the device 20 is then shipped 152 from the manufacturer toa retailer. The manufacturer registers 154 the serial number of thedevice 20 with the monitoring centre 30, and the monitoring centre 30associates 156 the received serial number with the retailer to which thedevice 20 is destined.

The device 20 is then stolen 158 from the retailer without theretailer's knowledge. The thief then connects 160 the device 20 to theinternet, and the agent 21 in the device 20 places 162 a call to themonitoring centre 30. The monitoring centre 30 receives the call anddetermines 164, from the agent 21 providing the serial number of thedevice 20 and the association in step 156, that the device 20 isincluded in the retailer's inventory. The monitoring centre 30 thenchecks 166 existing records, finds that the device 20 has neither beenreported as stolen nor sold, and as a consequence deems 168 that thedevice 20 is a rogue device.

The monitoring centre 30 then automatically sends 170 a message to theretailer that the device 20 with the particular serial number is‘suspicious’ or rogue. This message could, for example, be an email toan individual (e.g. staff member of the distribution channel orretailer) who may be steered to an appropriate web page that links to aserial number manager or the monitoring centre 30. The retailer can theninvestigate 172 whether the device 20 was indeed sold, and not recordedproperly as a sale, in which case the retailer can inform the monitoringcentre 30 and the agent 21 can then be instructed to proceed to theupsell procedures 176. The retailer may also determine at step 172 thatthere was indeed a theft, in which case the police and the monitoringcentre 30 can be informed 174, allowing the agent 21 to be instructed bythe monitoring centre 30 to go into tracking mode as described above. Itmay also be the case that the retailer cannot determine at step 172 whathappened, in which case the monitoring centre 30 can be informed and theagent 21 may be uninstalled 178 to protect a potential bona fidepurchaser from invasion of privacy.

The benefit of this process is that it provides an alert to the OEM,distributor and/or retailer that a device 20 is connected to theinternet, or is being used in possibly an unauthorized manner, and thatan investigation should be made. This is especially useful for largeretailers or networks of retailers with many different staff membersbeing collectively responsible for numerous devices distributed in manylocations.

FIG. 6 is a functional flow diagram schematically representing the flowprocess performed by a system when a device is returned to a store, inaccordance with embodiments of the disclosed subject matter.

If a device 20 is returned to the store after the device's packaging hasbeen opened, there is generally a risk that the device is not in the “asnew” state, particularly if it is a device that can be programmed orhave software installed upon by a customer. Retailers would not in mostcases want to risk reselling such devices in the same way as newdevices, and may want to uninstall an agent if the customer has notalready done so.

At step 180, a device 20 is returned to the retailer. If at step 182 thebox or the packaging is unopened, then the retailer may want to re-sellthe device 20 and so returns 183 the device 20 to inventory for re-sale.The retailer sells 184 the device 20 to a new customer, who connects 186it to the internet following which the agent 21 places 188 a call to themonitoring centre 30. The process then continues 189 as in FIG. 2.

If at step 182 the device's packaging has been opened or the device 20has been used, the retailer may not want to re-sell it. In this case,the retailer indicates 190 to the monitoring centre 30 that the agent 21should be removed, as the retailer would desire to dispose of the device20 by means other than selling it to a regular consumer. The monitoringcentre 30 then flags the agent 21 for removal, and the retailer sends192 the device 20 for disposition, for example to a liquidator. Theagent 212 in device 20 then makes a call 194 to the monitoring centre30, where it is determined 196 that the retailer has requested removalof the agent (i.e. because it was opened and returned to the store). Themonitoring centre then instructs 198 the agent 21 to uninstall itself.

If a customer has already upgraded the retailer's agent to a full scaleLoJack™ agent or other tracking agent before returning the device 20 tothe store, then the customer can contact the monitoring centre 30 toflag the new agent for removal and to arrange to reinstall it in anotherdevice.

Additional Variations and Embodiments

Agent persistence may be less of a requirement in the scenario of theftfrom a distribution channel than in a theft from a consumer. If a thiefis does not know that an agent is deployed and they steal a boxedproduct or demonstration model, it is unlikely that they will reinstallthe operating system, as there will be no password to get past. In thiscase, a retailer agent that is not persistent may be deployed. However,better protection will be achieved with a persistent agent.

Time delays between the steps in the workflow diagrams may be introducedand optimally set for the system's proper and effective functioning. Forexample, in FIG. 2, after a legitimate sale, a thief could feasibly (butprobably not often) steal a laptop and connect it to the internet beforethe customer has a chance to do so. In this case, the thief couldrequest removal of the agent before the theft is reported by thecustomer. Thieves could, for example, lie in wait in the store, theparking lot, or could follow the purchaser home. No-one may at thismoment be paying to protect the machine between the store's cashregister and the user's home since the customer in theory may not yethave purchased additional agent protection, and the store protection hasbeen terminated. While not necessarily the store's problem, customersmay expect to be protected from theft in this way, especially ifin-store advertising is planned. This could be overcome, for example, bydelaying the uninstall process (e.g. for a few hours, a day, a few daysor a week or two) until after the actual uninstall request, which wouldgive ample time for a purchaser suffering a loss to phone the retaileror get in touch with the monitoring centre and have the uninstallcancelled.

Ownership might transfer from an OEM to a store either on productsleaving the factory, or on arrival at the store. Changes in ownershipmay also increase if one or more third party distributors servedifferent stores and takes intervening ownership of the products. If thetracking device has access to a long-lived power source while the deviceis effectively switched off, tracking communications could be madeduring transit. The device could use a separate power source, or itcould use its own battery on a minimal and occasional basis. The agentcould also wake up the device, or certain parts of it, for occasionalcommunications. In this way, the agent may detect changes of ownershipwhile in transit. This can be facilitated by a GPS functionality whereincluded in the device. Ownership changes may also be detected based onthe device arriving at a particular geographic location at a particulartime.

Optional features may be included to allow the device to come with, forexample, “one year of free L4L™”. In this case, the customer will beaware of the duration of the tracking period, and the agent will beconfigured to operate for one year from the date it detects a change inownership—for example by calling in to a monitoring centre. On switchingon the device for the first time, and the agent making its firstpost-sale call, the customer would supply updated contact details oruninstall the agent. If the customer does not register, nor uninstallthe agent, the device could be marked as “sold but not re-registered”,which would still allow the agent to call in from time to time to seewhether the device has been reported stolen. In the case of theft,tracking could start.

As an alternate to relying solely on the interne, the agent may make itsfirst contact via, for example, a mobile telephone. Telephone numberscould be reserved and assigned to the devices, and may be for single usefor making the first call to the monitoring centre from devices that arelegitimately purchased. After registration or uninstallation by the newowner, the number may automatically be unassigned. If, during the firstcall, the agent discovers that the device has been reported stolen, thenumber could optionally continue to be used until recovery has beenmade.

By default, all devices protected by the system may be associated with aparticular retailer if the system is set up as dedicated to a singleretailer.

Multiple Agents

There is the possibility that multiple agents may need to co-exist on adevice. For example, a retailer may decide to stock a certainmanufacturer's laptop that has Lojack for Laptops™ pre-loaded as part ofa “six month free trial”. The retailer may also want their own or adistributor's Computrace™ tracking agent to be installed so that thedevice is tracked if it is stolen from the store. If there are twoagents, and if the device is connected to a network, then the retailer'sagent should preferably call first, not the “free trial” agent. In thisexample, the retailer's agent can be set to operate with a higherpriority than the free trial agent so that, if the device is stolen fromthe distribution channel, the retailer's agent begins to operate ratherthan the free trial agent. If the device is sold and the customer logsin, the retailer's agent calls in to a monitoring centre and detectsthat the device has been legitimately sold, disables itself and makesway for the free trial agent to take over.

Alternately, a single agent may be configured to operate both as aretailer's agent and a free trial agent. On the first call to themonitoring centre, the agent detects whether the device has been flaggedas stolen, and if it has, the agent stays in the retailer mode. If thedevice has not been stolen, the agent converts to the free trial mode.

If the device is sold legitimately and the retailer wants to pitch adiscount up-sell to the customer for a tracking agent such as Lojack™,then on the first call after a legitimate purchase, the user could beprompted by the agent to enter a special offer code which would allowthe purchaser a discount off the usual price. Alternately, the retailercould sell ‘authorization codes’ to the purchasers of the devices, whichwould allow upgrading from the retailer's agent to the Lojack™ agentwithout any further charges.

The functions of the system are best shown in the attached figures, andthe present description includes the best presently contemplated mode ofcarrying out the subject matter disclosed and claimed herein. Thedescription is made for the purpose of illustrating the generalprinciples of the subject matter and not be taken in a limiting sense;the subject matter can find utility in a variety of implementationswithout departing from the scope of the disclosure made, as will beapparent to those of skill in the art from an understanding of theprinciples that underlie the subject matter.

1. An automated method of remotely monitoring and controlling anelectronic device, the method comprising: by a computer system of amonitoring centre: receiving a call over a network from the electronicdevice, said call initiated by an agent installed on the electronicdevice, said agent including functionality for tracking usage of theelectronic device and for reporting information regarding said usage tothe monitoring center, the agent thereby facilitating recovery of theelectronic device when stolen; in response to the call, determining, atleast, whether a sale of the electronic device has been reported; and bycommunication with the agent, causing the electronic device to enterinto a state that is dependent, at least, upon the determination ofwhether a sale of the electronic device has been reported, said stateaffecting whether the agent reports information to the monitoring centerregarding usage of the electronic device.
 2. The method of claim 1,wherein the method comprises, in response to detecting that a sale ofthe electronic device has been reported, causing the electronic deviceto enter into a state in which the agent does not report informationregarding usage of the computing device.
 3. The method of claim 2,wherein the method further comprises, in response to detecting that asale of the electronic device has been reported, causing the electronicdevice to prompt a user thereof to upgrade or replace the agent.
 4. Themethod of claim 1, wherein the method further comprises, in response tothe call, determining whether the electronic device has been reported asstolen.
 5. The method of claim 4, wherein the method further comprises,in response to determining that the electronic device has not beenreported as either sold or stolen, causing an alert message to betransmitted to a manufacturer or distributor of the electronic device.6. The method of claim 4, wherein the method further comprises, inresponse to the call, determining whether the electronic device has beenreported as associated with a particular retail entity.
 7. The method ofclaim 6, wherein the method further comprises, in response todetermining that the electronic device has not been reported as eithersold or stolen, and in response to determining that the electronicdevice has been reported as associated with a particular retail entity,causing an alert message to be transmitted to the retain entity.
 8. Themethod of claim 1, wherein the information regarding usage comprisesinformation reflective of a location of the electronic device.
 9. Asystem for remotely monitoring and controlling in a distribution channelan electronic device comprising a processor and a device memory, and aninterface for connection to a communications network, the systemcomprising: an agent installed on the electronic device, the agentincluding functionality for tracking usage of the electronic device andfor reporting information regarding said usage to a monitoring centre,the agent thereby facilitating recovery of the electronic device whenstolen; and a monitoring center comprising an interface for connectionto a communications network, a processor and a monitoring center memorycomprising a database of information relating to the identities andreports of sale of one or more individual agents, said monitoring centerbeing configured to: a. receive a call over a network from theelectronic device, said call initiated by the agent installed on theelectronic device; b. in response to the call, determine, at least,whether a sale of the electronic device has been reported; and c. bycommunication with the agent, cause the electronic device to enter intoa state that is dependent, at least, upon the determination of whether asale of the electronic device has been reported, said state affectingwhether the agent reports information to the monitoring center regardingusage of the electronic device.
 10. A computer system comprising atleast one physical computer, said computer system programmed, viaexecutable instructions stored in computer storage, to perform anautomated method of remotely monitoring and controlling an electronicdevice, the method comprising: receiving a call over a network from theelectronic device, said call initiated by an agent installed on theelectronic device, said agent including functionality for tracking usageof the electronic device and for reporting information regarding saidusage to the monitoring center, the agent thereby facilitating recoveryof the electronic device when stolen; in response to the call,determining, at least, whether a sale of the electronic device has beenreported; and by communication with the agent, causing the electronicdevice to enter into a state that is dependent, at least, upon thedetermination of whether a sale of the electronic device has beenreported, said state affecting whether the agent reports information tothe monitoring center regarding usage of the electronic device.